formbook | f8af6efe9052eb6b739bfabece42b72f96a8226d3d826af5a0f7f436bd2d898e

General

Target

f8af6efe9052eb6b739bfabece42b72f96a8226d3d826af5a0f7f436bd2d898e
Size

168KB
Sample

220201-c1qq3afhe5
MD5

459c907fe86777d71bb161af51ac1229
SHA1

6e2ddd3e8841236893a5e34401998e3eb560a8bc
SHA256

f8af6efe9052eb6b739bfabece42b72f96a8226d3d826af5a0f7f436bd2d898e
SHA512

8789ce8d8939c99fb15a8d6fb0715db6d5ca5bd969df1d0a469f868d85322d4bfa97bff1862f77edb5d847c0047e0d64d35069db345c64491662a78275ed9531

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

z50

Decoy

points12.net

kanaspeed.com

bgal.net

mackenzieconner.com

6figureservice.com

enz89g5.info

firminafoundation.net

ollie.email

2ndchanceemployers.com

legvarberles.com

embodiedtherapysantarosa.com

westwisconsinsoccertalk.com

suppertexsmart.online

sportstecinternational.com

tco.tax

floodedbybarkersreservoir.info

marketresearchoptimized.com

cdszsq.com

abijouclinicsh.com

756ejo.info

Targets

- Target
  
  f8af6efe9052eb6b739bfabece42b72f96a8226d3d826af5a0f7f436bd2d898e
- Size
  
  168KB
- MD5
  
  459c907fe86777d71bb161af51ac1229
- SHA1
  
  6e2ddd3e8841236893a5e34401998e3eb560a8bc
- SHA256
  
  f8af6efe9052eb6b739bfabece42b72f96a8226d3d826af5a0f7f436bd2d898e
- SHA512
  
  8789ce8d8939c99fb15a8d6fb0715db6d5ca5bd969df1d0a469f868d85322d4bfa97bff1862f77edb5d847c0047e0d64d35069db345c64491662a78275ed9531
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Sets service image path in registry

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2